@bananapus/address-registry-v6 0.0.33 → 0.0.35

package/README.md

@@ -12,7 +12,7 @@
 - [AUDIT_INSTRUCTIONS.md](./AUDIT_INSTRUCTIONS.md) — scope, critical invariants, and attack surfaces for auditors.
 - [SKILLS.md](./SKILLS.md) — orientation map for AI agents working in this repo.
 - [STYLE_GUIDE.md](./STYLE_GUIDE.md) — Solidity and repo conventions for the V6 ecosystem.
-- [CHANGELOG.md](./CHANGELOG.md) — verified deltas from v5 to v6.
+- [CHANGELOG.md](./CHANGELOG.md) - verified V5 to V6 deltas.
 
 ## Overview
 
@@ -25,15 +25,13 @@ Because the address is computed deterministically, registrations do not need acc
 
 Use this repo when deployer provenance matters. Do not confuse it with an allowlist, review registry, or trust oracle.
 
-If the question is "is this hook safe?" this repo can only tell you who deployed it, not whether the code is good.
-
-## Key Contract
+## Key contract
 
 | Contract | Role |
 | --- | --- |
 | `JBAddressRegistry` | Standalone registry that stores `deployerOf[address]` and exposes overloaded `registerAddress` entrypoints. |
 
-## Mental Model
+## Mental model
 
 The registry is intentionally narrow:
 
@@ -43,25 +41,25 @@ The registry is intentionally narrow:
 
 Anything beyond that is out of scope.
 
-## Read These Files First
+## Read these files first
 
 1. `src/JBAddressRegistry.sol`
 2. `test/JBAddressRegistry.t.sol`
 3. `test/JBAddressRegistryEdge.t.sol`
 4. `test/regression/RegressionFrontRunRegistrationDoS.t.sol`
 
-## Integration Traps
+## Integration traps
 
 - provenance is only useful if callers also know what the deployer is trusted for
 - permissionless registration is intentional, so integrations should verify the computed inputs rather than assume caller authority
 - `create` nonce reconstruction and `create2` salt-bytecode reconstruction are different trust paths and should be reasoned about separately
 
-## Where State Lives
+## Where state lives
 
 - deployer provenance: `JBAddressRegistry`
 - deployment truth: the target chain history and bytecode inputs outside this repo
 
-## High-Signal Tests
+## High-signal tests
 
 1. `test/JBAddressRegistry.t.sol`
 2. `test/JBAddressRegistryEdge.t.sol`
@@ -87,7 +85,7 @@ Useful scripts:
 - `npm run deploy:mainnets`
 - `npm run deploy:testnets`
 
-## Deployment Notes
+## Deployment notes
 
 The deploy script uses Sphinx for deterministic deployment. This package is intentionally small and independent because many other repos use it to record clone factories and helper deployments.
 
@@ -101,7 +99,7 @@ Provide the matching RPC URLs through environment variables before proposing or
 - `RPC_ETHEREUM_MAINNET`, `RPC_OPTIMISM_MAINNET`, `RPC_BASE_MAINNET`, `RPC_ARBITRUM_MAINNET`
 - `RPC_ETHEREUM_SEPOLIA`, `RPC_OPTIMISM_SEPOLIA`, `RPC_BASE_SEPOLIA`, `RPC_ARBITRUM_SEPOLIA`
 
-## Repository Layout
+## Repository layout
 
 ```text
 src/
@@ -114,13 +112,15 @@ script/
   helpers/
 ```
 
-## Risks And Notes
+## Risks and notes
 
 - provenance is not the same as safety; a known deployer can still deploy unsafe code
 - registrations are first-write only, so bad initial registration is sticky
 - the `create` path relies on nonce reconstruction and intentionally rejects unrealistic nonce ranges
 
-## For AI Agents
+## For AI agents
 
 - Describe this repo as a provenance registry, not as an allowlist or safety oracle.
 - Read the edge and review tests before making claims about frontrunning or unauthorized registration.
+
+If the question is "is this hook safe?" this repo can only tell you who deployed it, not whether the code is good.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bananapus/address-registry-v6",
-  "version": "0.0.33",
+  "version": "0.0.35",
   "license": "MIT",
   "repository": {
     "type": "git",

package/references/operations.md

@@ -1,13 +1,13 @@
 # Address Registry Operations
 
-## Change Checklist
+## Change checklist
 
 - If you edit `create` reconstruction logic, verify nonce-boundary behavior.
 - If you edit `create2` behavior, verify bytecode hashing and salt assumptions.
 - If a user asks whether a contract is "safe," redirect the question to code provenance plus code review, not the registry alone.
 - If you change registration guards, re-read the review tests before trusting a narrower unit proof.
 
-## Common Failure Modes
+## Common failure modes
 
 - Operators confuse deployer provenance with trustworthiness.
 - Registration is attempted with stale deployment inputs from another repo or environment.

package/references/runtime.md

@@ -1,16 +1,16 @@
 # Address Registry Runtime
 
-## Core Role
+## Core role
 
 - [`src/JBAddressRegistry.sol`](../src/JBAddressRegistry.sol) reconstructs deployment addresses from `create` or `create2` inputs and binds a deployer to that computed address once.
 
-## High-Risk Areas
+## High-risk areas
 
 - First-write semantics: bad initial registration can become sticky.
 - Provenance scope: this repo proves deployer identity, not code safety or allowlist status.
 - Input correctness: wrong nonce, salt, or bytecode assumptions produce wrong addresses.
 
-## Tests To Trust First
+## Tests to trust first
 
 - [`test/JBAddressRegistry.t.sol`](../test/JBAddressRegistry.t.sol) for baseline behavior.
 - [`test/JBAddressRegistryEdge.t.sol`](../test/JBAddressRegistryEdge.t.sol) for boundary conditions.

package/src/JBAddressRegistry.sol

@@ -101,6 +101,7 @@ contract JBAddressRegistry is IJBAddressRegistry {
     /// @dev Adapted from https://ethereum.stackexchange.com/a/87840/68134
     /// @param origin The deployer's address.
     /// @param nonce The nonce used to deploy the contract.
+    /// @return addr The computed address of the contract deployed with `create`.
     function _addressFrom(address origin, uint256 nonce) internal pure returns (address addr) {
         if (nonce > type(uint64).max) revert JBAddressRegistry_NonceTooLarge(nonce);
 

package/src/interfaces/IJBAddressRegistry.sol

@@ -1,8 +1,9 @@
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.0;
 
-/// @notice A registry that maps deployed contract addresses to their deployers, allowing anyone to verify who deployed
-/// a given contract. Primarily used to verify the trustworthiness of Juicebox hooks and extensions.
+/// @notice A public registry that records who deployed a given contract. Anyone can register a contract's deployer,
+/// and anyone can look it up — enabling frontend clients and other contracts to verify that a Juicebox hook or
+/// extension was deployed by a trusted source.
 interface IJBAddressRegistry {
     /// @notice Emitted when a contract's deployer is registered.
     /// @param addr The address of the registered contract.
@@ -16,11 +17,15 @@ interface IJBAddressRegistry {
     function deployerOf(address addr) external view returns (address deployer);
 
     /// @notice Register a contract that was deployed with `create` (standard deployment).
+    /// @dev The address is derived deterministically from the deployer and nonce, and code must already exist there
+    /// before the deployer is recorded.
     /// @param deployer The address that deployed the contract.
     /// @param nonce The deployer's transaction nonce at the time of deployment.
     function registerAddress(address deployer, uint256 nonce) external;
 
     /// @notice Register a contract that was deployed with `create2` (deterministic deployment).
+    /// @dev The address is derived deterministically from the deployer, salt, and bytecode, and code must already
+    /// exist there before the deployer is recorded.
     /// @param deployer The address that deployed the contract.
     /// @param salt The `create2` salt used during deployment.
     /// @param bytecode The full deployment bytecode, including constructor arguments.